Hedgey Finance Token Infrastructure Platform: Cybersecurity Breach
Within a mere two-hour timeframe, the token infrastructure platform Hedgey Finance suffered a substantial loss of approximately $44.5 million in digital assets. This incident transpired across Ethereum’s layer-2 network Arbitrum and Binance Smart Chain, highlighting vulnerabilities in the platform’s security measures.
The Cybersecurity Breach
In a statement released on April 19, blockchain security firm Cyvers shed light on the nature of the attack. The malicious actor behind the breach exploited Hedgey’s “createLockedCampaign” function, using flash-loaned funds to siphon off the digital assets. The initial theft amounted to $1.9 million, which was swiftly converted to the DAI stablecoin and transferred to an external address. Subsequently, the attacker replicated the same exploit on the Arbitrum chain, absconding with an additional $42.8 million after securing funding on the ETH Chain via FixedFloat.
Cyvers noted the challenges encountered in reaching out to Hedgey Finance’s team following the breach. Emphasizing the importance of enhanced collaboration between decentralized applications (dApps) and cybersecurity firms, Cyvers underscored the critical need to mitigate risks in the DeFi landscape and rebuild trust among stakeholders.
Aftermath and Impact
Post-attack, the address associated with the breach emerged as the primary holder of the BONUS token, the native digital asset of BonusBlock. Notably, the value of the BONUS token recorded a 10% decline to $0.5084 in response to the security breach. The attacker has already initiated asset transfers, relocating over 200,000 BONUS tokens valued at $110,000 to the Bybit exchange.
In response to the breach, Hedgey Finance launched a thorough investigation into the incident and promptly advised users with active claims to cancel them utilizing the “End Token Claim” feature on the platform’s official website.
“We are actively working with our auditors and team to understand the attack and stop any ongoing exploitation. We will share more information as we learn more.”
Furthermore, fraudulent accounts purporting to represent the Hedgey protocol have surfaced on social media platforms, particularly X, encouraging affected users to seek refunds or revoke smart contract approvals through dubious phishing links.